On 11.01.2017 22:13, Daniel Gultsch wrote: > The entire 'block messages from strangers' thing is a poor mans > workaround for the spam problem. I don't think there is a use case for > this outside of fighting spam. And it's not even very effective in > fighting spam as spammers could just move over to subscription spam.
It would also block subscription spam. Also I don't see subscription-state based server-side blocking as a primary means against SPAM. How do you counter an attacker with thousands of socket puppet XMPP accounts, registered at hundreds of open services, which constantly send you messages, with and without a body and of different sizes, and presence subscription requests in order to drain your mobile devices battery? The only solution I came up with so far is to give mobile clients the ability to (temporary) block all stanzas from contacts which are not subscribed to their presence. And while privacy lists suck, because they are lists, it is currently the only XEP that does provide such a mechanism. And regarding Sam's UX question: Mobile clients come often in the situation where they could probably change/relaxen the server-side blocking rules, e.g. when charging/AC connected. It is possible to deliver the presence subscription request(s) which where blocked until then when that happens. Happy to discuss and develop an XEP which provides the strengths of privacy lists and blocking commands. I am thinking of an approach which requires the server only to check 3-6 conditions (subscription state, from has domainpart X, from is part of bare address Y, from is in roster group Z, …) on a stanza, with at most one lookup in a set to determine if the condition is meet in order to decide if the stanza should be locked. - Florian
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Standards mailing list Info: https://mail.jabber.org/mailman/listinfo/standards Unsubscribe: [email protected] _______________________________________________
